package com.example.demo.config;

import com.example.demo.security.service.MyAccessDecisionManager;
import com.example.demo.security.service.MyFilterSecurityInterceptor;
import com.example.demo.security.service.MyInvocationSecurityMetadataSourceService;
import com.example.demo.security.service.MyUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

import javax.servlet.Filter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    //自定义用户服务
    @Autowired
    MyUserDetailsService detailsService;

//    @Autowired
//    private MyInvocationSecurityMetadataSourceService mySecurityMetadataSource;//自定义验证


     @Autowired
    private MyFilterSecurityInterceptor myFilter;

//    @Autowired
//    private MyAccessDecisionManager myAccessDecisionManager;



    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/static/**");
        web.ignoring().antMatchers("/css/**");
        web.ignoring().antMatchers("/js/**");
        web.ignoring().antMatchers("/plugins/**");
        super.configure(web);
    }


//    @Bean
//    public MyAccessDecisionManager getMyAccessDecisionManager() {
//        return new MyAccessDecisionManager();
//    }

//    @Bean
//    public MyInvocationSecurityMetadataSourceService getMySecurityMetadataSource() {
//        return new MyInvocationSecurityMetadataSourceService();
//    }






    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        super.configure(http);

        //解决不允许显示在iframe的问题
        http.headers().frameOptions().sameOrigin();

        http.authorizeRequests()
                .antMatchers("/API/**").permitAll()
                .antMatchers("/Admin/**").authenticated()
                .and().formLogin().loginPage("/login/index").usernameParameter("username").passwordParameter("password")
                .loginProcessingUrl("/login/process")
                .successForwardUrl("/Admin/index")
                .defaultSuccessUrl("/Admin/index")
                .failureUrl("/login/index").permitAll()
                .and().logout().logoutUrl("/login/logout").logoutSuccessUrl("/login/index").permitAll();
//                 ;



//        http.formLogin().loginPage("/login/index").usernameParameter("username").passwordParameter("password")
//                .loginProcessingUrl("/login/process")
//                .successForwardUrl("/Admin/index")
//                .defaultSuccessUrl("/Admin/index")
//                .failureUrl("/login/index").permitAll()
//                .and().logout().logoutUrl("/login/logout").logoutSuccessUrl("/login/index").permitAll();


//        http.authorizeRequests().anyRequest().authenticated()
//                .and().formLogin().loginPage("/login/index").usernameParameter("username").passwordParameter("password")
//                . loginProcessingUrl("/login/process").defaultSuccessUrl("/Admin/index")
//                .failureUrl("/login?error").permitAll().and().logout().permitAll();

        http.addFilterBefore(myFilter,FilterSecurityInterceptor.class);

        /**
         * 禁用csrf
         */
        http.csrf().disable();

        //只允许一个用户登录,如果同一个账户两次登录,那么第一个账户将被踢下线,跳转到登录页面
//        http.sessionManagement().maximumSessions(1).expiredUrl("/login");
    }

    /**
     * 用户名 密码 认证方式
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.inMemoryAuthentication().withUser("user").password("zgscwjm").roles("ADMIN");
//        super.configure(auth);


        auth.userDetailsService(detailsService).passwordEncoder(new Md5PasswordEncoder());
    }


}
